Skip to main content
HashnodeFoxcube IT Blog - IT advice for UK small businessesFoxcube IT Blog - IT advice for UK small businesses

Command Palette

Search for a command to run...

The phishing email that knows your manager's name: why AI has changed the game

Updated
3 min readView as Markdown
A
adamhfoxy

For years, spotting a phishing email was almost a party trick. Dodgy spelling, a greeting that got your name wrong, a link that obviously went nowhere near your bank. We all learned the tells.

That era is over.

Attackers now use the same generative AI tools the rest of us do, and they use them to write clean, fluent, convincing emails at scale. The message that references your actual manager by name, in their actual writing style, about a real project? That's not a coincidence anymore. The UK's National Cyber Security Centre has warned that criminals are using automation and AI to run these campaigns across thousands of targets at once, and that ransomware, which very often starts with a single phishing email, remains the most dangerous threat facing UK businesses.

It's working. As we covered in our breakdown of the government's latest Cyber Security Breaches Survey, more than four in ten UK businesses (43%) were hit by a cyber attack or breach in the past year, and phishing is behind the large majority of successful breaches.

The new tricks, beyond email

It isn't just text anymore. The same tools that write a convincing email can clone a voice from a few seconds of audio, or generate a passable video likeness. "Vishing" (a phone call that sounds like your finance director asking for an urgent transfer) is no longer science fiction. The defining feature of this new wave is that it removes the giveaways we were all trained to look for.

Why smaller businesses are squarely in the firing line

There's a comforting myth that hackers only go after big names. The opposite is true. Automated, AI-assisted attacks don't hand-pick victims; they go wide and hit whoever's least defended. Smaller firms tend to have thinner defences, which makes them the easy win.

It doesn't help that the basics are often missing. Research from BT found that around two in five small businesses haven't given their staff any cyber training at all. When the email is this convincing, an untrained team doesn't stand much of a chance.

What actually stops it

The reassuring news is that the defences haven't changed nearly as much as the attacks have. A few layers, applied consistently, stop the overwhelming majority of this:

  • Multi-factor authentication everywhere. Even if someone hands over a password, MFA blocks most account takeovers cold.

  • Email filtering that catches the obvious before it lands. Fewer suspicious messages reaching inboxes means fewer chances to slip up.

  • A simple "verify by a second channel" habit. Any unexpected request to move money or share data gets confirmed by phone or in person, never by replying to the message. This is the single best defence against the voice and video tricks.

  • Staff who know what to look for. Not a one-off lecture, but a steady awareness that this is normal now.

  • Monitored devices and accounts, so that if something does get through, it's caught fast. Where we fit in

At Foxcube, most of this runs by default. We patch, we enforce MFA, we filter, and we monitor, quietly, in the background, so that the bulk of these attacks never reach your team in the first place. And when something genuinely needs a human eye, you've got UK engineers who'll pick up the phone.

The attacks have got smarter. Your defences should keep pace. If you're not confident yours have, let's have a chat. Call 0115 732 3060 or email hello@foxcube.co.uk.

#phishing#phishingattacks#email

Comments

Join the discussion

No comments yet. Be the first to comment.

More from this blog

F

Foxcube IT Blog - IT advice for UK small businesses

4 posts

Practical IT support advice for small businesses in Nottingham and across the UK. Managed IT, cyber security, Microsoft 365 and more.